Five ways to assess risk as the Russia-Ukraine conflict heats up

Demonstrators gather at the White House in Washington, D.C., on February 20 to call for the United States to take a stronger stand against Russia. As the Russian invasion continues, today’s special columnist, Sam Curry of Cybereason, offers advice to security teams worried about increased cyberattacks. (Photo by Kenny Holston/Getty Images)

Recent events in Ukraine are a reminder for companies to refresh their cyber hygiene and security awareness training. Tensions are high in Eastern Europe and cyberattacks are inevitable.

Just like when COVID scams broke out in 2020 with watering hole attacks luring tens of thousands of victims, we can expect opportunistic actors to exploit the Ukrainian crisis in the coming days and weeks. Companies may not believe they are in the crosshairs, but they are. Every business should annually review business risk, including the impact cyberattacks could have on the business. The recent invasion and the chaos that results from it immediately change those risks. Even if the company reviewed business risks in January, do it again, because something that wasn’t obvious in January might be by March.

For all organizations, now’s the time to eliminate single points of failure, identify partners in your supply chain and contact them, and prepare for contingencies if their business becomes disrupted. In other words, have back-up suppliers ready on speed-dial if needed.

Anonymity stands as an intriguing aspect of cyber conflict: there’s a complete decoupling of rhetoric from actions. “Deny ’til you die” has been the mantra in cyber and geopolitics. However, actions speak louder than words. The ongoing cyberattacks against Ukrainian government agencies, banks and other critical infrastructure operations over the past few weeks are diabolical. In any other theater besides cyber, the attacks alone would be a clear act of war and subject to diplomatic, economic, and potentially military reprisals.

There’s no silver bullet or magic potion that will solve the cybersecurity challenges facing the average organization. To minimize damage and assess their preparedness, organizations should consider these recommendations as they prepare for possible cyberattacks affecting their business:

  • Be on high alert. Call the employees or associates the company relies on in a crisis and have them ready, because they may get called in multiple directions in a crunch. If the company doesn’t have anyone on its staff filling this role, call the best cyber people available and seek their advice.
  • Think about the company’s priorities at the moment and pass that information to peers and employees. For instance, “we care about people’s safety first, then about data security, then about this service being available,” and so on. That’s leadership that people can use if things go wrong.
  • Identify the critical services that are “single points of failure” for the business. If critical services go down, the business stops. Have a plan for “what to do if.” This doesn’t have to be perfect, but think now about what to do if email goes away or a customer portal or CRM tool gets locked. There’s no perfect solution, but managers will be more creative when there isn’t adrenaline pumping. Any thought given now to what the company will do is an advantage.
  • Minimize new, risky projects. The retail industry freezes IT in the holiday shopping months. It’s all about keeping the business running for a few months and then developing new capabilities after the crunch. This also includes minimizing, for a while, the use on work systems of anything not needed for business, such as social media (except for marketing personnel), games and non-business web browsing.
  • Develop a crisis plan. Know where the company’s people are and how they will connect and work, and ensure that the services that support this are ready, including VPNs and productivity suites. Have a plan and communicate it to people in the event that the internet and services aren’t available.

The spillover risk for organizations is unknown today: critical services haven’t been disrupted that we know of, but that spillover could come in the days ahead. Don’t panic, assess risks to the business, ensure that company employees are safe, and be prepared to change course if the situation changes in Ukraine, tensions rise further, and escalation increases.

Sam Curry, chief security officer, Cybereason

Sam Curry is CSO at Cybereason and is a Visiting Fellow at the National Security Institute. Previously, Sam was CTO and CISO for Arbor Networks (NetScout) and was CSO and SVP R&D at MicroStrategy, in addition to holding senior security roles at McAfee and CA. He spent 7 years at RSA, the Security Division of EMC, as Chief Technologist and SVP of Product. Sam also has over 20 patents in security from his time as a security architect, has been a leader in two successful startups and is a board member of the Cybersecurity Coalition, of SSH Communications and of Sequitur Labs.
